Three more rogue Python packages have been discovered in the PyPI repository, further evidence that North Korean state-sponsored threat actors use the Python Package Index (PyPI) repository as a distribution point for their malware.
VMConnect, a collection of Python packages that mimic popular open-source Python tools to download an unknown second-stage malware, was first disclosed by ReversingLabs and Sonatype at the beginning of the month.
JPCERT/CC, last month, attributed it to another North Korean activity codenamed SnatchCrypto (aka CryptoMimic or DangerousPassword).
Zanki says this is just another in a line of malicious attacks targeting users of the Py PI repository.
He also notes that threat actors continue to use the python Package Index .
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply